committer
2024-06-05 16:34:38 -05:00
parent 8d792c8969
commit ae11a84a69


@@ -2,78 +2,90 @@
# klevstul :: 24.06 # klevstul :: 24.06
# how to backup gpg:
# gpg --export --export-options backup --output public.gpg frode@thisworld.is
# gpg --export-secret-keys --export-options backup --output private.gpg frode@thisworld.is
# ref: https://www.howtogeek.com/816878/how-to-back-up-and-restore-gpg-keys-on-linux/
this_file_name=`basename "$0"` this_file_name=`basename "$0"`
echo "$this_file_name" echo "$this_file_name"
# location of ssh keys # location of ssh keys
syncdir_env_var=SYNCDIR_${HOSTNAME} syncdir_env_var=SYNCDIR_${HOSTNAME}
src_gnupg_dir=${!syncdir_env_var}/secrets/.gnupg src_gnupg_dir=${!syncdir_env_var}/secrets/gnupg
trg_gnupg_dir=~/.gnupg
echo "\$SYNCDIR_${HOSTNAME}=${!syncdir_env_var}" gpg --import ${src_gnupg_dir}/public.gpg
echo "src_gnupg_dir: ${src_gnupg_dir}" gpg --import ${src_gnupg_dir}/private.gpg
if ! [[ -d ${src_gnupg_dir} ]]; then gpg --list-secret-keys --keyid-format LONG
echo "error: non-existing directory '${src_gnupg_dir}'" >&2; exit 1
fi
if ! [[ -d "$trg_gnupg_dir" ]]; then #trg_gnupg_dir=~/.gnupg
echo "creating non-existing target dir '${trg_gnupg_dir}'." #
mkdir -p ${trg_gnupg_dir} #echo "\$SYNCDIR_${HOSTNAME}=${!syncdir_env_var}"
fi #echo "src_gnupg_dir: ${src_gnupg_dir}"
#
the_file=trustdb.gpg #if ! [[ -d ${src_gnupg_dir} ]]; then
if ! [[ -f ${trg_gnupg_dir}/${the_file} ]]; then # echo "error: non-existing directory '${src_gnupg_dir}'" >&2; exit 1
echo "deploy ${the_file}" #fi
cp ${src_gnupg_dir}/${the_file} ${trg_gnupg_dir} #
else #if ! [[ -d "$trg_gnupg_dir" ]]; then
echo "${the_file} already exist in ${trg_gnupg_dir}" # echo "creating non-existing target dir '${trg_gnupg_dir}'."
fi # mkdir -p ${trg_gnupg_dir}
#fi
the_file=pubring.kbx #
if ! [[ -f ${trg_gnupg_dir}/${the_file} ]]; then #the_file=trustdb.gpg
echo "deploy ${the_file}" #if ! [[ -f ${trg_gnupg_dir}/${the_file} ]]; then
cp ${src_gnupg_dir}/${the_file} ${trg_gnupg_dir} # echo "deploy ${the_file}"
else # cp ${src_gnupg_dir}/${the_file} ${trg_gnupg_dir}
echo "${the_file} already exist in ${trg_gnupg_dir}" #else
fi # echo "${the_file} already exist in ${trg_gnupg_dir}"
#fi
the_directory=openpgp-revocs.d #
if ! [[ -d ${trg_gnupg_dir}/${the_directory} ]]; then #the_file=pubring.kbx
echo "deploy ${the_directory}" #if ! [[ -f ${trg_gnupg_dir}/${the_file} ]]; then
cp -r ${src_gnupg_dir}/${the_directory} ${trg_gnupg_dir} # echo "deploy ${the_file}"
else # cp ${src_gnupg_dir}/${the_file} ${trg_gnupg_dir}
echo "${the_directory} already exist in ${trg_gnupg_dir}" #else
fi # echo "${the_file} already exist in ${trg_gnupg_dir}"
#fi
the_file=private-keys-v1.d.7z.gpg #
if ! [[ -d ${trg_gnupg_dir}/private-keys-v1.d ]]; then #the_directory=openpgp-revocs.d
echo "deploy private-keys-v1.d" #if ! [[ -d ${trg_gnupg_dir}/${the_directory} ]]; then
cp ${src_gnupg_dir}/${the_file} ${trg_gnupg_dir} # echo "deploy ${the_directory}"
else # cp -r ${src_gnupg_dir}/${the_directory} ${trg_gnupg_dir}
echo #else
echo "ERROR: directory 'private-keys-v1.d' already exist in ${trg_gnupg_dir}" # echo "${the_directory} already exist in ${trg_gnupg_dir}"
echo "rename or delete existing directory and try again (backup the content if needed)." #fi
exit 1 #
fi #the_file=private-keys-v1.d.7z.gpg
#if ! [[ -d ${trg_gnupg_dir}/private-keys-v1.d ]]; then
echo "do you want to unpack and decrypt ${the_file}? (y/n)" # echo "deploy private-keys-v1.d"
read user_input # cp ${src_gnupg_dir}/${the_file} ${trg_gnupg_dir}
#else
if [[ ${user_input} == "y" ]]; then # echo
echo "yes" # echo "ERROR: directory 'private-keys-v1.d' already exist in ${trg_gnupg_dir}"
echo "please, remember the hint: poq.l2" # echo "rename or delete existing directory and try again (backup the content if needed)."
gpg -d ${trg_gnupg_dir}/${the_file} > ${trg_gnupg_dir}/private-keys-v1.d.7z # exit 1
7za x ${trg_gnupg_dir}/private-keys-v1.d.7z -o${trg_gnupg_dir} #fi
chmod 0600 ${trg_gnupg_dir}/private-keys-v1.d/* # private keys should not be accessible by other users #
#echo "do you want to unpack and decrypt ${the_file}? (y/n)"
trash-put ${trg_gnupg_dir}/private-keys-v1.d.7z.gpg #read user_input
trash-put ${trg_gnupg_dir}/private-keys-v1.d.7z #
else #if [[ ${user_input} == "y" ]]; then
echo "no worries. you can manually unpack and decrypt the file, if needed:" # echo "yes"
echo "gpg -d private-keys-v1.d.7z.gpg > private-keys-v1.d.7z" # echo "please, remember the hint: poq.l2"
echo "7za x -private-keys-v1.d.7z" # gpg -d ${trg_gnupg_dir}/${the_file} > ${trg_gnupg_dir}/private-keys-v1.d.7z
fi # 7za x ${trg_gnupg_dir}/private-keys-v1.d.7z -o${trg_gnupg_dir}
# chmod 0600 ${trg_gnupg_dir}/private-keys-v1.d/* # private keys should not be accessible by other users
echo "${trg_gnupg_dir}:" #
ls -al ${trg_gnupg_dir} # trash-put ${trg_gnupg_dir}/private-keys-v1.d.7z.gpg
# trash-put ${trg_gnupg_dir}/private-keys-v1.d.7z
#else
# echo "no worries. you can manually unpack and decrypt the file, if needed:"
# echo "gpg -d private-keys-v1.d.7z.gpg > private-keys-v1.d.7z"
# echo "7za x -private-keys-v1.d.7z"
#fi
#
#echo "${trg_gnupg_dir}:"
#ls -al ${trg_gnupg_dir}
#
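Review bot: The two `gpg --import` lines read from `${src_gnupg_dir}` with no check that the path is valid; the `[[ -d ${src_gnupg_dir} ]]` guard survives only as a comment on the new side, and the expansions are unquoted. If `SYNCDIR_${HOSTNAME}` is unset the path collapses to `/secrets/gnupg`, so gpg is pointed at an absolute location outside the sync directory, and as far as the hunk shows a failed public import does not stop the secret-key import. I would keep the guard and quote the paths: `[[ -d "${src_gnupg_dir}" ]] || { echo "error: non-existing directory '${src_gnupg_dir}'" >&2; exit 1; }` followed by `gpg --import "${src_gnupg_dir}/public.gpg" || exit 1`. The header comment exports with `--export-options backup`, so the import probably wants `--import-options restore` to bring back what that mode saved. The commented-out block still carries the passphrase-hint `echo`; deleting the dead code instead of commenting it out would take that string out of the script.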